Announcement

Collapse
No announcement yet.

[Internet Explorer 5.5 & 6.0 security patch]!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Internet Explorer 5.5 & 6.0 security patch]!

    To all members using IE 5.50 and 6.0 browsers please read this http://news.cnet.com/news/0-1005-200...html?tag=cd_mh

    security patch can be downloaded and installed from here

    What vulnerabilities are eliminated by this patch?

    This patch, when installed, eliminates all known security vulnerabilities affecting Internet Explorer 5.5 and 6.0. In addition to eliminating all previously discussed vulnerabilities affecting these versions, it also eliminates three new ones.

    ============================================
    Installation platforms:
    - The IE 5.5 patch can be installed on IE 5.5 Service Pack 2.
    - The IE 6 patch can be installed on IE 6 Gold.

    Inclusion in future service packs:
    The fix for these issue will be included in IE 5.5 Service Pack 3, and IE 6 Service Pack 1.

    Reboot needed: Yes

    Verifying patch installation:

    - To verify that the patch has been installed on the machine, open IE, select Help, then select About Internet Explorer and confirm that Q312461 is listed in the Update Versions field.

    - To verify the individual files, use the patch manifest provided in Knowledge Base articles Q312461.
    ============================================

    If you can't update yet... Microsoft advises that you


    Microsoft is urging IE users to disable active scripting in the their browser settings. In addition, consumers using Outlook Express should set their preferences within the mail program to allow only "Restricted Sites" to load, according to the company.

    To disable active scripting in IE, open the Tools menu in the browser, followed by Internet Options and then the tab for Security. Next, open the Custom Level option; in the Settings box, scroll down to the Scripting section. Click Disable under "Active scripting" and "Scripting of Java applets." Click OK, and then click OK again.


    Explanation

    Microsoft has issued a patch almost a week after a vulnerability was revealed in Internet Explorer that would allow hackers to gain access to someone's cookies and expose the sensitive information they contain.

    The exploit was discovered last week and reported publicly rather than directly to Microsoft. At the time, the software giant advised customers to disable Active Scripting, to protect them from the Web-hosted and mail-borne variants of the vulnerability.

    Microsoft says the patch released Wednesday represents a fast turnaround by its security team.

    "The vulnerability was publicly disclosed by someone who discovered the vulnerability on Nov. 8, which was extremely irresponsible," said a Microsoft representative. "The immediate action that we took was to issue a work-around so that system administrators could protect themselves, and a patch was issued yesterday."

    The high-risk vulnerability in IE 5.5 and 6.0 allows malicious code to gain unauthorized access to the cookies that are used to customize and retain a site's setting for a customer across multiple sessions. Because some e-commerce Web sites use cookies to store sensitive information about consumers, it is possible that personal information could be exposed through the software hole.

    "It is a serious issue--people have always been worried about cookies, but have never considered that someone else could use the information from a Web site that they run," said Mark Read, security analyst at MIS Corporate Defence Solutions.

    The vulnerability came shortly after security flaws were found in Microsoft's Passport authentication system, causing the software maker to remove part of the service from the Internet. The privacy breach in Wallet, a Passport service that keeps track of data used by e-commerce sites, potentially exposed the financial data of thousands of consumers, undermining the company's recent efforts to convince people that it is serious about security.

    Read said he thinks it unlikely that the privacy policies of e-commerce sites will allow customer credit card details to be displayed as cookie information, but there is the potential for hackers to use the information to order goods online.

    Cookies are text files, saved on a computer hard drive as a unique reference for identifying individual customers. "There is no easy way to get around cookies, as there needs to be some way of placing a unique identifier on a computer to say 'this is me'--the only alternative is digital certificates," said Read.
    :: Always Back Up Forum Database + Attachments BEFORE upgrading !
    :: Nginx SPDY SSL - World Flags Demo [video results]
    :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

  • #2
    thx eva
    Email: [email protected]
    Site: Under Construction

    Comment


    • #3
      Yeah, I just saw this link somewhere else and installed it.

      Comment


      • #4
        m$ sUxOrs!

        Comment


        • #5
          crackers were using this exploit to steal peoples names on yahoo. lol. Just installed the patch . .thanks eva .

          Comment


          • #6
            Will it do it for my automatically if I click the update thingumy in Windows XP?
            Motorsport Forums

            Comment


            • #7
              Originally posted by Mark Hewitt
              Will it do it for my automatically if I click the update thingumy in Windows XP?
              you can try but see if the verify info i posted above lists in in IE about section

              Verifying patch installation:

              - To verify that the patch has been installed on the machine, open IE, select Help, then select About Internet Explorer and confirm that Q312461 is listed in the Update Versions field.

              - To verify the individual files, use the patch manifest provided in Knowledge Base articles Q312461.
              ??

              i had I5 5.5 SP1 so upgraded to SP2 and then applied the patch above

              made sure all my members on my vB also are aware of this... so vB owners/admins spread the word !
              :: Always Back Up Forum Database + Attachments BEFORE upgrading !
              :: Nginx SPDY SSL - World Flags Demo [video results]
              :: vBulletin hacked forums: Clean Up Guide for VPS/Dedicated hosting users [ vbulletin.com blog summary ]

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X